The Paragon Initiative blog has a new post sharing their own tips and tricks for building secure PHP applications as we move into 2018.

As the year 2018 approaches, technologists in general—and web developers in particular—must discard many of their old practices and beliefs about developing secure PHP applications. This is especially true for anyone who does not believe such a feat is even possible.

This guide should serve as a complement to the e-book, PHP: The Right Way, with a strong emphasis on security and not general PHP programmer topics (e.g. code style).

The guide covers a wide range of topics that can help you secure your applications (and not just PHP ones either), including:

working with security headers

safely handling file uploads

effective password hashing

general-purpose cryptography

searchable encryption

event logging with Chronicle

Each item in the list is a link to another part of the guide where the topic is discussed. Each section contains plenty of good information about prevention and implementation, as well as links to other tutorials and packages that can help.

The Laravel News site has a quick post sharing a helpful topic for the Laravel users out there. In the tutorial they show how to create custom helpers for use across the entire application in any scope.

Laravel provides many excellent helper functions that are convenient for doing things like working with arrays, file paths, strings, and routes, among other things like the beloved dd() function.

You can also define your own set of helper functions for your Laravel applications and PHP packages, by using Composer to import them automatically.

If you are new to Laravel or PHP, let’s walk through how you might go about creating your own helper functions that automatically get loaded by Laravel.

The tutorial starts off by recommending where to place the custom helper file and how to ensure it's autoloaded when the application is bootstrapped. It then covers the creation of the helper functions, including wrapping each one in a function_exists check so it doesn't collide with a function of the same name defined elsewhere. Finally the post includes an example helper file showing the creation of two functions: show_route and plural_from_model. The post ends with a look at packages and how to include helper files inside of them for use in your application.
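The pieces the tutorial describes, put together as an added example (this is not the Laravel News post's own file). The two function names come from the post; their bodies, the file path app/helpers.php and the Composer "files" entry are assumptions.

```php
<?php
// app/helpers.php
//
// Register it in composer.json so Composer loads it on every request:
//
//   "autoload": {
//       "files": ["app/helpers.php"],
//       ...
//   }
//
// then run `composer dump-autoload`.

use Illuminate\Support\Str;

// Guarding with function_exists() avoids a fatal "Cannot redeclare"
// error if a package or another helper file already defines the name.
if (! function_exists('show_route')) {
    /**
     * URL of the "show" route for a resource, e.g. show_route('posts', 42)
     * resolves the named route "posts.show" with the given key.
     * (Implementation is an assumption, not the post's.)
     */
    function show_route(string $resource, $key): string
    {
        return route($resource . '.show', $key);
    }
}

if (! function_exists('plural_from_model')) {
    /**
     * Plural snake-case name of a model class or instance:
     * App\BlogPost (or a BlogPost object) -> "blog_posts".
     * (Implementation is an assumption, not the post's.)
     */
    function plural_from_model($model): string
    {
        $class = is_object($model) ? get_class($model) : (string) $model;

        return Str::plural(Str::snake(class_basename($class)));
    }
}
```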

In a post on the Dev.to site Dhurim Kelmendi shares an introduction to the SOLID principles of software development, a set of guidelines that can help to make your software more robust, flexible and testable in the long run.

This article aims to give a solid explanation of SOLID Principles and give some insight on their benefits and potential issues when applying them. Let’s go through each of them briefly.

He then goes through each of the principles and describes the basics behind them:

Single Responsibility Principle

Open-Closed Principle

Liskov Substitution Principle

Interface Segregation Principle

Dependency Inversion Principle

The post isn't language-specific, so you won't find any code examples, but it is a great introduction to the principles for those who are just starting out.

Domain-driven design is a software design that focuses on understanding underlying business. It is useful for long-term projects because it leads to high-quality software that serves users. It helps when dealing with difficult problems, keeps track of core problems and prevents us from getting lost in the code.

The author starts the article by talking about the issues they faced before adopting a domain-driven design process and briefly describes what DDD is and what its goals are. The post then gets into some of the basics behind defining your own domain and gives an example definition of "account" and "price" for an e-commerce application. It then goes on to talk about the goal of creating a ubiquitous language for the product that also covers functionality and process, not just the objects in the system.

On the Delicious Brains site there's a tutorial that shows you how to use Microsoft's VS Code IDE for PHP development. They focus more specifically on WordPress development but a lot of the environment setup could be used for any PHP project.

If you keep up with the many different text editors and developer tools available, you may have heard of a newer IDE called Visual Studio Code. VS Code is a free, open source code editor that is lightweight like Sublime Text, but offers many of the same features as bigger IDEs like PhpStorm or WebStorm.

In this article I’ll review some features and extensions of VS Code that I really appreciate, and show you how to make the most out of it for WordPress and general web development.

The tutorial walks you through the installation and integration of various PHP development tools, including an "intellisense" extension, Xdebug support, a JavaScript debugger and a few other helpful extensions. Install instructions are included, as well as screenshots/screencasts showing the end result.

On the TutsPlus.com site there's a new tutorial posted for the Laravel users out there covering a few pieces of the authorization features of the framework. The tutorial covers "gates" and "policies", introducing some of their basic concepts and providing example code to implement your own.

Today, we're going to discuss the authorization system of the Laravel web framework. The Laravel framework implements authorization in the form of gates and policies. After an introduction to gates and policies, I'll demonstrate the concepts by implementing a custom example.

I assume that you're already aware of the built-in Laravel authentication system as that's something essential in order to understand the concept of authorization. Obviously, the authorization system works in conjunction with the authentication system in order to identify the legitimate user session.

The article starts by introducing the basic approaches the framework takes to authorization handling and where gates and policies fit in. It then gets into the details of each, including example code showing how to define them based on the interfaces provided. The tutorial then shows how to put them to use in a simple application, applying them at both the controller and view level.
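An added illustration of the gate/policy split the tutorial covers, written for Laravel 5.5 (this is not the TutsPlus article's code). The Post and User models, the is_admin column and the controller are assumptions.

```php
<?php
// app/Policies/PostPolicy.php
namespace App\Policies;

use App\Post;
use App\User;

class PostPolicy
{
    // A policy groups authorization rules for one model. Each method
    // returns a bool; anything not explicitly allowed is denied.
    public function update(User $user, Post $post): bool
    {
        return $user->id === $post->user_id;   // only the author may edit
    }

    public function delete(User $user, Post $post): bool
    {
        return $user->id === $post->user_id || (bool) $user->is_admin;
    }
}

// app/Providers/AuthServiceProvider.php (inside boot()):
//
//   // Gate: a closure for an action that is not tied to a model.
//   Gate::define('view-admin-dashboard', function (User $user) {
//       return (bool) $user->is_admin;
//   });
//
//   // Policy: map the model to the class above.
//   protected $policies = [Post::class => PostPolicy::class];

// app/Http/Controllers/PostController.php (one action):
//
//   public function update(Request $request, Post $post)
//   {
//       // Throws AuthorizationException (HTTP 403) when the policy's
//       // update() returns false, so the check cannot be skipped by
//       // simply hiding the edit button in the UI.
//       $this->authorize('update', $post);
//       $post->update($request->only('title', 'body'));
//       return redirect()->route('posts.show', $post);
//   }

// resources/views/posts/show.blade.php: the view-level counterpart.
// This only controls what is rendered; the controller check above is
// what actually enforces the rule.
//
//   @can('update', $post)
//       <a href="{{ route('posts.edit', $post) }}">Edit</a>
//   @endcan
```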

Niklas Keller has a post on his site covering the magic behind async PHP and how it can help your application gain some performance by working around the typical PHP execution flow.

Async PHP allows a massive speedup of applications by leveraging non-blocking I/O. It allows making multiple HTTP requests in parallel or any other way of I/O multiplexing. But what’s the magic behind it? How does it actually work?

He starts with a brief explanation of the difference between blocking and non-blocking I/O, pointing out that the main difference lies in how streams are used. He includes a bit of code to help illustrate, but moves quickly on to talking about the Amp PHP package. This library allows for easier (and faster) development of non-blocking processes using an event loop. He also shares a package that was created to make it even simpler by providing an abstraction layer on top of the input and output streams.

When developing a software, one of the most common steps is taking care that the resulting application is extensible and modular.

Let's suppose we have our application or library. If we see it from outside, often it looks as a single thing. [...] As the application grows we can continue adding components... but this comes with a price. Components often knows too much of our application and there is a delicate equilibrium of dependencies between them and our application. When not handled carefully, a small change in one component might require changes in many other.

As a rule of thumb, I personally try to follow as much as possible the Acyclic dependencies principle. Another way to allow extensibility but keeping the application "clean" is to introduce modules.

He starts by talking about modules and the major part they'll play in the overall architecture. He explains why modules are so key to the overall structure and what kind of advantages their use brings. He spends the remainder of the post looking at some of the main challenges you'll face, including the file/directory structure definitions, module registration methods and the configuration of each of the modules.

PHP is a server-side language. This concept may be a little difficult to grasp, especially if you’ve only ever designed websites using client-side languages like HTML, CSS, and JavaScript.

A server-side language is similar to JavaScript in that it allows you to embed little programs (scripts) into the HTML code of a web page. When executed, these programs give you greater control over what appears in the browser window than HTML alone can provide. The key difference between JavaScript and PHP is the stage of loading the web page at which these embedded programs are executed.

At this point they assume you've already set up the server to allow for PHP execution. They then provide an example of an HTML page with a bit of PHP that generates a random number. It then gets into some of the basic language syntax and statements and how they're used in PHP code.

The TutsPlus.com site has a new tutorial posted in their "CMS" section showing you how to use Deployer to deploy your sites. Deployer is a PHP-based deployment tool that makes it simpler to automate steps and create repeatable deployment methods.

Automated workflow for deployment is a great tool that every software development team must have. The release process, when it is fast, secure and fault tolerant, can save time for developing more great things. And the good news is that there are many great tools for creating an automated release cycle.

In this article, I'm going to introduce you to a deployment tool called Deployer. I like to use it because it is written in PHP, is easy to set up, and has many handy features to integrate the deployment process into your team's workflow.

They start with a brief overview of what a deployment process is and how to get the SSH certificates installed for the cross-server communication. The tutorial then shows how to get Deployer installed and create your first deployment script using a PHP configuration file and several built-in commands. They show the directory structure created on the server by the deployment, rollback functionality and how to define a custom task. The article wraps up with a mention of third-party recipes that can be added on to add more functionality (like the Slack plugin for deployment notifications).
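A deploy.php of the kind the tutorial builds up, as an added example for Deployer 6 (not the TutsPlus article's own script). The host name, repository, paths and SSH key location are placeholders.

```php
<?php
// deploy.php - run with `dep deploy` and `dep rollback`
namespace Deployer;

require 'recipe/common.php';

set('application', 'my_app');
set('repository', 'git@example.com:org/my_app.git');
set('keep_releases', 5);           // old releases kept for `dep rollback`

// Secrets and uploads live in shared/ on the server, not in the repo,
// so every release symlinks to the same .env and storage directory.
set('shared_files', ['.env']);
set('shared_dirs', ['storage']);
set('writable_dirs', ['storage']);

host('web.example.com')
    ->user('deploy')                          // unprivileged deploy account
    ->identityFile('~/.ssh/deploy_key')       // key-based SSH, no password
    ->set('deploy_path', '/var/www/{{application}}');

// A custom task: install production dependencies inside the new release
// directory before it is switched live.
desc('Install Composer dependencies without dev packages');
task('build', function () {
    run('cd {{release_path}} && composer install --no-dev --prefer-dist --no-interaction');
});

// The deploy task is a list of built-in steps plus our own `build`.
// deploy:release creates releases/N, deploy:symlink atomically repoints
// `current` to it, and cleanup removes releases beyond keep_releases.
task('deploy', [
    'deploy:info',
    'deploy:prepare',
    'deploy:lock',
    'deploy:release',
    'deploy:update_code',
    'deploy:shared',
    'deploy:writable',
    'build',
    'deploy:symlink',
    'deploy:unlock',
    'cleanup',
    'success',
]);

// If a step fails, drop the deploy lock so the next run is not blocked.
after('deploy:failed', 'deploy:unlock');
```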